
List:       fedora-devel-list
Subject:    Re: Restricting automounting of uncommon filesystems?
From:       "Richard W.M. Jones" <rjones () redhat ! com>
Date:       2023-07-24 14:47:16
Message-ID: 20230724144716.GE7781 () redhat ! com

On Mon, Jul 24, 2023 at 10:08:50AM -0400, Demi Marie Obenour wrote:
> I saw that libguestfs has a guestmount(1) tool, and I think this could be
> a potential solution.  An exploit against the kernel FS driver would only
> grant access to a KVM guest, and the QEMU process can be tightly sandboxed
> by means such as seccomp and SELinux.

Right.  guestmount does however use an unholy combination of FUSE and
proxying requests through the KVM guest so this wouldn't be very fast :-/

There's a native API which is much faster, which might be used by gvfs
(or whatever the gnome abstract filesystem thing is called).  I think
that would allow GNOME's file manager to work, and would be a lot
faster.

Rich.

> I still believe that mounting should _not_ be automatic, though, because
> it could have side-effects (such as replaying the FS journal) that might
> not be wanted.  To prevent prompt fatigue, Fedora could offer to remember
> the user's choice.
> -- 
> Sincerely,
> Demi Marie Obenour (she/her/hers)
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
